(54) Method for verifying the expected postage security device and its status



(57) A secure and reliable method for verifying in the host system that the expected PSD is coupled to the host system includes generating a random number in the host system and encrypting the random number with a PSD state identification number. The encrypted random number is then sent to the PSD. The PSD decrypts the encrypted random number received using the PSD state identification number and sends the decrypted random number to the host system. The host system compares the decrypted random number received from the PSD to the random number generated in the host system. If they are the same, the host system has verified the expected PSD and has also verified that the PSD has not completed any transactions apart from the host system. A method for verifying that the expected host is coupled to the PSD mirrors the method for verifying the expected PSD.
Description

The present invention relates generally to a system and method for postage metering security and, more particularly, to systems and methods for verifying authorized postage security devices.

The Information-Based Indicia Program (IBIP) is a distributed trusted system proposed by the United States Postal Service (USPS). The IBIP is expected to support new methods of applying postage in addition to, and eventually in lieu of, the current approach, which typically relies on a postage meter to mechanically print indicia on mailpieces. The IBIP requires printing large, high density, two dimensional (2-D) bar codes on mailpieces. The Postal Service expects the IBIP to provide cost-effective assurance of postage payment for each mailpiece processed.

The USPS has published draft specifications for the IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated June 13, 1996, defines the proposed requirements for a new indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated June 13, 1996, defines the proposed requirements for a Postal Security Device (PSD) that will provide security services to support the creation of a new "information based" postage postmark or indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated October 9, 1996, defines the proposed requirements for a host system element of the IBIP. The specifications are collectively referred to herein as the "IBIP Specifications". The IBIP includes interfacing user (customer), postal and vendor infrastructures which are the system elements of the program.

The user infrastructure, which resides at the user's site, comprises a postage security device (PSD) coupled to a host system. The PSD is a secure processor-based accounting device that dispenses and accounts for postal value stored therein. The host system may be a personal computer (PC) or a meter-based host processor. Among the various requirements set forth in the Host System Specification is that the host system verifies that the coupled PSD is "the expected PSD". Conventional postage metering devices and recent digital metering devices, such as PostPerfect and Personal Post Office, both manufactured by the assignee of the present invention, do not include such verification. Thus, a method for achieving such verification is desired.

U.S. Patent No. 5,510,992 discloses a method whereby the host PC verifies that a storage means that is coupled to the host PC and has postal value stored therein, is authorized for use with the host PC. The method comprises the steps of storing a unique identifier, such as a serial number, in the storage means when the storage means is filled with postal value, and sending the unique identifier to the host PC when postage value is requested for dispensing. The host PC then verifies that the storage means is authorized for use with the host PC by confirming that the unique identifier retrieved from the storage device is the same as one stored in the host PC. Although such method verifies that the storage means is the expected storage device, the storage means is not a PSD because it is not a processor-based accounting device that dispenses and accounts for postal value stored therein. Furthermore, the verification of the serial number in the host PC is subject to fraud.

It has been found that the present invention provides a more secure and reliable system and method for verifying the expected PSD is coupled to the host PC. It has further been found that the present invention provides a secure and reliable system and method for verifying the expected host PC is coupled to the PSD.

The present invention provides a secure and reliable method for verifying in the host system that the expected PSD is coupled to the host system. In accordance with the present invention, a random number is generated in the host system and encrypted with a PSD state identification number. The encrypted random number is then sent to the PSD. The PSD decrypts the encrypted random number received using the PSD state identification number and sends the decrypted random number to the host system. The host system compares the decrypted random number received from the PSD to the random number generated in the host system. If they are the same, the host system has verified the expected PSD and has also verified that the PSD has not completed any transactions apart from the host system. A method for verifying that the expected host is coupled to the PSD mirrors the method for verifying the expected PSD.

The above and other objects and advantages of the present invention will be apparent upon consideration of the following detailed description, taken in conjunction with accompanying drawings, in which like reference characters refer to like parts throughout, and in which:

Fig. 1 is a block diagram of a postage metering system in accordance with the present invention showing a process for storing keys in a host system and a PSD coupled thereto;

Fig. 2 is a flow chart showing an alternate process for storing keys in a host system and a PSD coupled thereto;

Fig. 3 is a flow chart of a preferred method for verifying the expected PSD is coupled to the host system; and

Fig. 4 is a flow chart showing a method corresponding to that of Fig. 3 for verifying the expected host system.

In describing the present invention, reference is made to the drawings, wherein there is seen a system and methods for verifying the expected postage security device in a host system and conversely verifying the expected host system. Referring now to Fig. 1, a postage metering system, generally designated 10, includes a Host PC 20 coupled to a PSD 30, a Data Center 40 and a manufacturer 50. The manufacturer 50 initializes PSD 30 with an identification number such as PSD ID 32, and a cryptographic key, such as PSD private key 34. The manufacturer 50 also sends the PSD ID 32 and a cryptographic key corresponding to the key in the PSD 30, such as PSD public key 36, to the Data Center 40. The Data Center 40 then sends the PSD ID 32 and the public key 36 to the Host PC 20. For the purpose of describing the present invention, the PSD private and public keys are stored in PSD 30 and Host PC 20 respectively. It will be understood that a secret key shared by the Host PC and the PSD may be used in place of such key pair.

The Host PC 20 and PSD 30 each include a microprocessor and memory (not shown). The Host PC 20 further includes a message generator 22 for generating a message. The message may be a random number or may include data indicating status of the PSD, for example a checksum 24 of PSD transaction records stored as log files in Host PC 20. For the following description of the present invention checksums will be used. The PSD records stored in Host PC 20 correspond to PSD records stored in PSD 30 for each transaction by PSD 30. For a more detailed description of such storage of PSD records see European Patent Publication Number 0780808, assigned to the assignee of the present invention, and which is incorporated herein by reference.

Referring now to Fig. 2, an alternate method for initialising the PSD with a cryptographic key is shown. At step 100, Host PC 20 generates a secret key or a key pair. The key or key pair is stored in Host PC 20, at step 105. Host PC 20 then sends the secret key or one of the keys of the key pair to PSD 30, at step 110. PSD 30 stores the key received from Host PC 20, at step 115.

Referring now to Fig. 3, a method is shown for verifying in Host PC 20 that the expected PSD is coupled thereto. At step 200, the Host PC generates a random number which is then encrypted, at step 205, with a PSD state identification number or data. In the preferred embodiment of the present invention, the PSD state identification number or data represents a predetermined status of the PSD after the previous transaction between the Host PC and the PSD. For example, the PSD state identification number or data may be a checksum of the PSD transaction logs or the last random number generated for the purpose of verifying the PSD. At step 210, the encrypted random number is sent to the PSD. At step 215, the PSD decrypts the encrypted random number received from the Host PC using the same PSD state identification number or data that was used by the Host PC. At step 220, the PSD sends the decrypted random number (or a message derived therefrom) to the Host PC.

At step 225, the Host PC verifies that the random number received from the PSD is the same as the random number generated in the Host PC (or that the message derived therefrom corresponds to the random number). If not the same at step 230, the Host PC flags an error and rejects the PSD from processing any further transactions, at step 235. If the random number received from the PSD is the same as the random number generated in the Host PC, at step 240, the Host PC has verified that the expected PSD is coupled to the Host PC and has not processed any transactions apart from the Host PC. Thus, the Host PC can begin requesting postal value from the PSD.

Referring now to Fig. 4, it may be required that in addition to the Host PC verifying the expected PSD, the PSD verify that the expected Host PC is coupled to the PSD. In the preferred embodiment of the present invention, such verification of the expected Host PC mirrors the process for verifying the expected PSD as set forth above.

At step 300, the PSD generates a random number which is then encrypted, at step 305, with a PSD state identification number or data. At step 310, the encrypted random number is sent to the Host PC. At step 315, the Host PC decrypts the encrypted random number received from the PSD using the same PSD state identification number or data that was used by the PSD. At step 320, the Host PC sends the decrypted random number to the PSD.

At step 325, the PSD verifies that the random number received from the Host PC is the same as the random number generated in the PSD. If not the same at step 330, the PSD flags an error which prevents the PSD from processing any further transactions, at step 335. If the random number received from the Host PC is the same as the random number generated in the PSD, at step 340, the PSD has verified that the expected Host PC is coupled to the PSD and the PSD has not processed any transactions apart from the Host PC.
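The exchange of Figs. 3 and 4, worked through end to end as an added example; this is illustrative code written for this page, not code from the patent or its assignee. It assumes SHA-256 as the checksum over the transaction log, that the PSD state identifier is mixed with the shared secret key provisioned in Figs. 1 and 2 to form the encryption key, and a toy XOR keystream cipher in place of whatever cipher a real PSD would use. The transaction records and the secret are constructed sample values. Beyond the single direction each figure describes, the example runs the same code in both directions and exercises the failure mode the text relies on: a PSD whose log holds a transaction the host never saw no longer shares the state identifier, so its reply does not match and the host rejects it.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not real PSD records or keys): the log both parties
# keep of the transactions they performed together, and the secret key that
# Fig. 1 / Fig. 2 provision into both the Host PC and the PSD.
SAMPLE_RECORDS = [
    b"txn=1;debit=0.32;date=1997-01-03",
    b"txn=2;debit=0.55;date=1997-01-04",
]
SHARED_SECRET = b"constructed-shared-secret"


def state_identifier(records):
    """PSD state identification data: a checksum over the transaction log.
    The text offers a checksum of the logs as one choice; SHA-256 is assumed."""
    h = hashlib.sha256()
    for record in records:
        h.update(record + b"\n")
    return h.digest()


def derive_key(shared_secret, state_id):
    """Assumption: the state identifier is mixed with the provisioned shared
    secret, so the key depends on both the device pairing and the log state."""
    return hmac.new(shared_secret, state_id, hashlib.sha256).digest()


def xor_crypt(key, data):
    """Toy symmetric cipher (assumption, stands in for a real cipher): XOR with
    an HMAC-derived keystream.  Applying it twice restores the input."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class Party:
    """Either the Host PC or the PSD: holds the shared secret and its own copy
    of the transaction log, and can act as challenger or responder."""

    def __init__(self, shared_secret, records):
        self.secret = shared_secret
        self.records = list(records)
        self.rejected = False  # set once a verification fails (steps 230 / 330)

    def _key(self):
        return derive_key(self.secret, state_identifier(self.records))

    def challenge(self):
        """Steps 200-210 / 300-310: a random number, encrypted under the state."""
        nonce = secrets.token_bytes(16)
        return nonce, xor_crypt(self._key(), nonce)

    def respond(self, ciphertext):
        """Steps 215-220 / 315-320: decrypt with this party's own view of the
        PSD state and send the result back.  A diverged log yields garbage."""
        return xor_crypt(self._key(), ciphertext)

    def verify(self, nonce, response):
        """Steps 225-240 / 325-340: constant-time compare, reject on mismatch."""
        ok = hmac.compare_digest(nonce, response)
        if not ok:
            self.rejected = True
        return ok


def verify_expected_psd(host, psd):
    """Fig. 3: the host checks that the expected PSD is coupled to it."""
    nonce, ciphertext = host.challenge()
    return host.verify(nonce, psd.respond(ciphertext))


def verify_expected_host(host, psd):
    """Fig. 4: the same exchange with the roles reversed."""
    nonce, ciphertext = psd.challenge()
    return psd.verify(nonce, host.respond(ciphertext))


def demo():
    """Returns (in-sync mutual check, diverged-log check, wrong-device check,
    whether the host flagged the diverged PSD)."""
    host = Party(SHARED_SECRET, SAMPLE_RECORDS)
    psd = Party(SHARED_SECRET, SAMPLE_RECORDS)
    in_sync = verify_expected_psd(host, psd) and verify_expected_host(host, psd)

    # A PSD that completed a transaction apart from the host: its log, and so
    # its state identifier, no longer matches the host's copy.
    host2 = Party(SHARED_SECRET, SAMPLE_RECORDS)
    stray = Party(SHARED_SECRET, SAMPLE_RECORDS + [b"txn=3;debit=1.00;date=1997-01-05"])
    diverged = verify_expected_psd(host2, stray)

    # A different device: same log contents but not the provisioned secret.
    host3 = Party(SHARED_SECRET, SAMPLE_RECORDS)
    other = Party(b"some-other-device-secret", SAMPLE_RECORDS)
    wrong_device = verify_expected_psd(host3, other)
    return in_sync, diverged, wrong_device, host2.rejected


if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

Because decryption with a mismatched state identifier produces an unrelated value rather than an error, the comparison at step 225 / 325 is the only place the mismatch surfaces, which is why the `rejected` flag lives in `verify` and not in `respond`. Claim 2 allows the challenge to carry a checksum instead of a random number; the same code works if `challenge` substitutes that value for the nonce.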

It has been found that the present invention is suitable for use with any security device that is coupled to a host system in an unsecured manner. For example, the present invention could be used for a certificate metering system such as disclosed in European Patent Publication No. 0762692, filed August 21, 1996, assigned to the assignee of the present invention, and which is incorporated herein by reference.

While the present invention has been disclosed and described with reference to specific embodiments thereof, it will be apparent, as noted above, that variations and modifications may be made therein. It is, thus, intended in the following claims to cover each variation and modification, including a certificate metering system, that falls within the true spirit and scope of the present invention.
Claims

1. A method for verifying in a host system that a postage security device (PSD) is the expected PSD and that the PSD has not completed transactions with other than the host system, the method comprising the steps of:

generating a first message in the host system;
generating in the host system first identification data using first transaction records stored in the host system, said first identification data representing a predetermined status of the PSD after the previous transaction between the host system and the PSD;
encrypting the first message with the first identification data;
sending the encrypted first message to the PSD;
generating in the PSD second identification data using second transaction records stored in the PSD, said second identification data representing the predetermined status of the PSD after the previous transaction between the host system and the PSD;
decrypting the encrypted first message with the second identification data;
sending to the host system a second message derived from the decrypted first message; and
verifying in the host system that the second message corresponds to the first message.

2. The method of claim 1 wherein the first message includes data indicating status of the PSD based on PSD transaction records stored in the host system.



3. The method of claim 1 wherein the second message is the decrypted first message and the step of verifying verifies that the second message is the same as the first message.

4. The method of claim 2 wherein the data indicating status of the PSD is a checksum of PSD transaction records.

5. A method for verifying in a computer system that a microprocessor-based system is the expected microprocessor-based system and that the microprocessor-based system has not completed transactions with other than the computer system, the method comprising the steps of:

generating a message in the computer system;
generating in the computer system first identification data using first transaction information stored in the computer system, said first identification data representing a predetermined status of the microprocessor-based system after the previous transaction between the computer system and the microprocessor-based system;
encrypting the message with the identification data;
sending the encrypted message to the microprocessor-based system;
generating in the microprocessor-based system second identification data using second transaction information stored in the microprocessor-based system, said second identification data representing the predetermined status of the microprocessor-based system after the previous transaction between the computer system and the microprocessor-based system;
decrypting the message with the second identification data;
sending a message derived from the decrypted message to the computer system; and
verifying in the computer system that the derived message corresponds to the generated message.

6. The method of claim 1 or 5 wherein the message generated is random data.

7. The method of claim 5 wherein the message generated includes data indicating status of the microprocessor-based system based on microprocessor-based system transaction records stored in the computer system.

8. The method of claim 7 wherein the data indicating status of the microprocessor-based system is a checksum of the microprocessor-based system transaction records.

9. The method of claim 1 or 5 wherein the computer system is a personal computer.

10. The method of claim 1 or 5 wherein the first and second identification data include at least one of a checksum, control sum, ascending register, descending register and random data from the previous transaction.



11. The method of claim 5 wherein the derived message is the decrypted message and the step of verifying verifies that the decrypted message is the same as the generated message.

12. A method for verifying in a host system that a postage security device (PSD) is the expected PSD, that the host system is the expected host system and that the PSD has not completed transactions with other than the host system, the method comprising the steps of:

generating a first message in the host system;
generating in the host system first identification data using first transaction records stored in the host system, said first identification data representing a predetermined status of the PSD after the previous transaction between the host system and the PSD;
encrypting the first message with the first identification data;
sending the encrypted first message to the PSD;
generating in the PSD second identification data using second transaction records stored in the PSD, said second identification data representing the predetermined status of the PSD after the previous transaction between the host system and the PSD;
decrypting the encrypted first message with the second identification data;
sending a message derived from the decrypted first message to the host system;
verifying in the host system that the message derived from the decrypted first message corresponds to the generated first message;
generating a second message in the PSD;
encrypting the second message with the second identification data;
sending the encrypted second message to the host system;
decrypting the encrypted second message with the first identification data;
sending a message derived from the decrypted second message to the PSD; and
verifying in the PSD that the message derived from the decrypted second message corresponds to the generated second message.

13. The method of claim 12 wherein the message derived from the decrypted first message is the decrypted first message and the message derived from the decrypted second message is the decrypted second message.